Completed code refresh

Code refreshed for consistency across scripts and added validation and security.
fulco · May 13, 2024 · 3b2d317 · 3b2d317
1 parent 6cdb6b0
commit 3b2d317
Show file tree

Hide file tree

Showing 3 changed files with 198 additions and 364 deletions.
diff --git a/croncheck.sh b/croncheck.sh
@@ -1,60 +1,57 @@
 #!/bin/bash
 
+# Constants
+readonly BACKUP_USER="backup_admin"
+readonly SSH_CONFIG="/etc/ssh/sshd_config"
+readonly LOG_FILE="/var/log/croncheck.log"
+
+# Function to log messages with timestamps
+log() {
+    local message="$1"
+    echo "$(date '+%Y-%m-%d %H:%M:%S'): $message" | tee -a "$LOG_FILE"
+}
+
 # Check if the script is run as root
-if [ "$(id -u)" -ne 0 ]; then
-  echo "This script must be run as root"
-  exit 1
+if [[ $EUID -ne 0 ]]; then
+    log "Error: This script must be run as root."
+    exit 1
 fi
 
-# Define the backup user
-BACKUP_USER="backup_admin"
-
 # Check if the backup user exists
-if id "$BACKUP_USER" >/dev/null 2>&1; then
-  echo "Backup user $BACKUP_USER exists"
-else
-  echo "Backup user $BACKUP_USER does not exist"
-  exit 1
+if ! id "$BACKUP_USER" &>/dev/null; then
+    log "Error: Backup user $BACKUP_USER does not exist."
+    exit 1
 fi
 
 # Check if the backup user has sudo access
-if sudo -l -U "$BACKUP_USER" >/dev/null 2>&1; then
-  echo "Backup user $BACKUP_USER has sudo access"
-else
-  echo "Backup user $BACKUP_USER does not have sudo access"
-  exit 1
+if ! sudo -l -U "$BACKUP_USER" &>/dev/null; then
+    log "Error: Backup user $BACKUP_USER does not have sudo access."
+    exit 1
 fi
 
 # Check if the SSH configuration file is unchanged
-SSH_CONFIG="/etc/ssh/sshd_config"
-if [ "$(sudo lsattr $SSH_CONFIG)" == "----i---------e-- $SSH_CONFIG" ]; then
-  echo "SSH configuration file is unchanged"
-else
-  echo "SSH configuration file has been modified"
-  exit 1
+if ! sudo lsattr "$SSH_CONFIG" 2>/dev/null | grep -q '^----i---------e--, '; then
+    log "Error: SSH configuration file has been modified."
+    exit 1
 fi
 
 # Check if the firewall rules are unchanged
-if command -v ufw >/dev/null 2>&1 && ufw status | grep -qw "active"; then
-  # Check UFW rules
-  if ufw status numbered | grep -qw "98"; then
-    echo "UFW rules are unchanged"
-  else
-    echo "UFW rules have been modified"
-    exit 1
-  fi
-elif command -v iptables >/dev/null 2>&1; then
-  # Check iptables rules
-  if iptables -L INPUT --line-numbers | grep -q "tcp dpt:98"; then
-    echo "iptables rules are unchanged"
-  else
-    echo "iptables rules have been modified"
-    exit 1
-  fi
+if command -v ufw &>/dev/null && ufw status | grep -qw "active"; then
+    # Check UFW rules
+    if ! ufw status numbered | grep -qw "98"; then
+        log "Error: UFW rules have been modified."
+        exit 1
+    fi
+elif command -v iptables &>/dev/null; then
+    # Check iptables rules
+    if ! iptables -L INPUT --line-numbers | grep -q "tcp dpt:98"; then
+        log "Error: iptables rules have been modified."
+        exit 1
+    fi
 else
-  echo "No known firewall (ufw or iptables) is active on this system"
-  exit 1
+    log "Warning: No known firewall (ufw or iptables) is active on this system."
+    exit 1
 fi
 
-echo "All checks passed successfully"
-exit 0
+log "All checks passed successfully."
+exit 0
diff --git a/rapidenum.sh b/rapidenum.sh
@@ -1,118 +1,129 @@
 #!/bin/bash
 
+# Constants
+DEFAULT_OUTPUT_DIR="./HostServices"
+DEFAULT_MAX_RATE=1000
+DEFAULT_TIMEOUT=600
+
 # Function to display usage information
 usage() {
-  echo "Usage: $0 [-d output_directory] [-s service1,service2,...] [-r rate] [-t timeout] network_range"
-  echo "  -d output_directory  Specify the output directory for scan results (default: ./HostServices)"
-  echo "  -s service1,service2,...  Specify the services to scan (default: all services)"
-  echo "  -r rate  Specify the maximum packet rate (default: 1000)"
-  echo "  -t timeout  Specify the timeout in seconds for each host (default: 600)"
-  echo "  network_range  The network range to scan (e.g., 10.1.1.0/24)"
+    echo "Usage: $0 [-d output_directory] [-s service1,service2,...] [-r rate] [-t timeout] network_range"
+    echo "  -d output_directory  Specify the output directory for scan results (default: $DEFAULT_OUTPUT_DIR)"
+    echo "  -s service1,service2,...  Specify the services to scan (default: all services)"
+    echo "  -r rate  Specify the maximum packet rate (default: $DEFAULT_MAX_RATE)"
+    echo "  -t timeout  Specify the timeout in seconds for each host (default: $DEFAULT_TIMEOUT)"
+    echo "  network_range  The network range to scan (e.g., 10.1.1.0/24)"
+}
+
+# Function to log messages with timestamps
+log() {
+    local message="$1"
+    echo "$(date '+%Y-%m-%d %H:%M:%S'): $message"
 }
 
 # Parse command-line arguments
-output_dir="./HostServices"
+output_dir="$DEFAULT_OUTPUT_DIR"
 services=()
-max_rate=1000
-timeout=600
+max_rate="$DEFAULT_MAX_RATE"
+timeout="$DEFAULT_TIMEOUT"
 
 while getopts ":d:s:r:t:" opt; do
-  case $opt in
-    d) output_dir=$OPTARG ;;
-    s) IFS=',' read -ra services <<< "$OPTARG" ;;
-    r) max_rate=$OPTARG ;;
-    t) timeout=$OPTARG ;;
-    \?) echo "Invalid option: -$OPTARG" >&2; usage; exit 1 ;;
-    :) echo "Option -$OPTARG requires an argument." >&2; usage; exit 1 ;;
-  esac
+    case $opt in
+        d) output_dir="$OPTARG" ;;
+        s) IFS=',' read -ra services <<< "$OPTARG" ;;
+        r) max_rate="$OPTARG" ;;
+        t) timeout="$OPTARG" ;;
+        \?) log "Error: Invalid option -$OPTARG"; usage; exit 1 ;;
+        :) log "Error: Option -$OPTARG requires an argument"; usage; exit 1 ;;
+    esac
 done
 shift $((OPTIND-1))
 
-if [ $# -ne 1 ]; then
-  usage
-  exit 1
+if [[ $# -ne 1 ]]; then
+    usage
+    exit 1
 fi
 
 network_range="$1"
 
 # Check if Nmap is installed
-if ! command -v nmap &> /dev/null; then
-  echo "Nmap is not installed. Please install Nmap and try again."
-  exit 1
+if ! command -v nmap &>/dev/null; then
+    log "Error: Nmap is not installed. Please install Nmap and try again."
+    exit 1
 fi
 
 # Create the output directory if it doesn't exist
 mkdir -p "$output_dir"
 
 # Define the services and their corresponding ports
 declare -A services_tcp=(
-  ["ftp"]=21
-  ["ssh"]=22
-  ["telnet"]=23
-  ["smtp"]=25
-  ["dns"]=53
-  ["http"]=80
-  ["pop3"]=110
-  ["imap"]=143
-  ["https"]=443
-  ["smb"]=445
-  ["mssql"]=1433
-  ["oracle"]=1521
-  ["mysql"]=3306
-  ["rdp"]=3389
-  ["postgresql"]=5432
-  ["vnc"]=5900
-  ["http-alt"]=8080
-  ["https-alt"]=8443
-  ["smtps"]=465
-  ["imaps"]=993
-  ["pop3s"]=995
-  ["mongodb"]=27017
-  ["socks"]=1080
-  ["squid"]=3128
-  ["rpcbind"]=111
-  ["pptp"]=1723
+    ["ftp"]=21
+    ["ssh"]=22
+    ["telnet"]=23
+    ["smtp"]=25
+    ["dns"]=53
+    ["http"]=80
+    ["pop3"]=110
+    ["imap"]=143
+    ["https"]=443
+    ["smb"]=445
+    ["mssql"]=1433
+    ["oracle"]=1521
+    ["mysql"]=3306
+    ["rdp"]=3389
+    ["postgresql"]=5432
+    ["vnc"]=5900
+    ["http-alt"]=8080
+    ["https-alt"]=8443
+    ["smtps"]=465
+    ["imaps"]=993
+    ["pop3s"]=995
+    ["mongodb"]=27017
+    ["socks"]=1080
+    ["squid"]=3128
+    ["rpcbind"]=111
+    ["pptp"]=1723
 )
 
 declare -A services_udp=(
-  ["dns"]=53
-  ["dhcp-server"]=67
-  ["dhcp-client"]=68
-  ["tftp"]=69
-  ["snmp"]=161
-  ["ntp"]=123
-  ["ldap"]=389
-  ["ws-discovery"]=3389
-  ["nfs"]=2049
+    ["dns"]=53
+    ["dhcp-server"]=67
+    ["dhcp-client"]=68
+    ["tftp"]=69
+    ["snmp"]=161
+    ["ntp"]=123
+    ["ldap"]=389
+    ["ws-discovery"]=3389
+    ["nfs"]=2049
 )
 
 # Perform a ping sweep to identify live hosts
-echo "Performing ping sweep on $network_range"
+log "Performing ping sweep on $network_range"
 live_hosts=$(nmap -sn --min-rate "$max_rate" --max-retries 1 --max-rtt-timeout 100ms "$network_range" | awk '/is up/{print $2}')
 
 # Perform scans for selected services on live hosts
 for service in "${services[@]:-${!services_tcp[@]} ${!services_udp[@]}}"; do
-  if [[ ${services_tcp[$service]+_} ]]; then
-    port=${services_tcp[$service]}
-    protocol="TCP"
-  elif [[ ${services_udp[$service]+_} ]]; then
-    port=${services_udp[$service]}
-    protocol="UDP"
-  else
-    echo "Unknown service: $service"
-    continue
-  fi
-
-  echo "Scanning for $service ($protocol port $port) on live hosts"
-  output_file="$output_dir/${service}_hosts.txt"
-
-  if [ "$protocol" = "TCP" ]; then
-    nmap -sV --min-rate "$max_rate" --max-retries 2 --host-timeout "${timeout}s" -p "$port" --open -oG - "$live_hosts" | awk '/Status: Open/{print $2}' > "$output_file"
-  else
-    nmap -sU -sV --min-rate "$max_rate" --max-retries 2 --host-timeout "${timeout}s" -p "$port" --open -oG - "$live_hosts" | awk '/Status: Open/{print $2}' > "$output_file"
-  fi
-
-  echo "Scan results saved to $output_file"
-  echo "Number of live hosts with $service open: $(wc -l < "$output_file")"
-  echo "---"
-done
+    if [[ -v "services_tcp[$service]" ]]; then
+        port="${services_tcp[$service]}"
+        protocol="TCP"
+    elif [[ -v "services_udp[$service]" ]]; then
+        port="${services_udp[$service]}"
+        protocol="UDP"
+    else
+        log "Warning: Unknown service $service"
+        continue
+    fi
+
+    log "Scanning for $service ($protocol port $port) on live hosts"
+    output_file="$output_dir/${service}_hosts.txt"
+
+    if [[ "$protocol" == "TCP" ]]; then
+        nmap -sV --min-rate "$max_rate" --max-retries 2 --host-timeout "${timeout}s" -p "$port" --open -oG - "$live_hosts" | awk '/Status: Open/{print $2}' > "$output_file"
+    else
+        nmap -sU -sV --min-rate "$max_rate" --max-retries 2 --host-timeout "${timeout}s" -p "$port" --open -oG - "$live_hosts" | awk '/Status: Open/{print $2}' > "$output_file"
+    fi
+
+    log "Scan results saved to $output_file"
+    log "Number of live hosts with $service open: $(wc -l < "$output_file")"
+    log "---"
+done